Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ncar!tank!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.unix.wizards
Subject: Re: setuid shell scripts
Message-ID: <14673@mimsy.UUCP>
Date: 22 Nov 88 04:12:57 GMT
References: <850@cantuar.UUCP> <1627@solo8.cs.vu.nl> <855@cantuar.UUCP> <5300@watdcsu.waterloo.edu>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 17

In article <5300@watdcsu.waterloo.edu> dmcanzi@watdcsu.waterloo.edu
(David Canzi) writes:
>Okay, how about this?
>(2) checks that all directories in the path are searchable by
>    the invoker, owned only by root or bin, and modifiable only
>    by owner.

Since you can check only one path component at a time, this is still
susceptible to spoofing.  (The `access()' syscall has the same problem.
The only way to be *sure* that user 1234 has the permission to do
something is to be user 1234 and do the something.  setreuid() does
the trick, as does a correct implementation of saved setuid [i.e., not
the one in SysV].)
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris@mimsy.umd.edu Path: uunet!mimsy!chris
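Added example, not part of the post above: a C sketch of the check-then-use pattern the post calls spoofable, next to the "be the user and do the something" form built on the setreuid() swap it names. The function names are hypothetical, only the uid is switched (a setgid program would need the same treatment for its gid), and it assumes setreuid() permits swapping real and effective uid in both directions.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares setreuid() under strict -std= modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Racy: access() judges the path for the real uid at one instant, but
 * open() resolves the path again later with the privileged effective
 * uid, so the object named can change between the two calls.
 */
int open_read_racy(const char *path)
{
    if (access(path, R_OK) != 0)
        return -1;
    return open(path, O_RDONLY);       /* runs with the setuid euid */
}

/* Race-free: swap real and effective uid so the kernel applies the
 * invoker's permissions to every path component inside the single
 * open() call, then swap back. The descriptor stays valid afterwards.
 */
int open_read_as_invoker(const char *path)
{
    uid_t ruid = getuid(), euid = geteuid();
    int fd, saved_errno;

    if (setreuid(euid, ruid) != 0)     /* become the invoker */
        return -1;
    fd = open(path, O_RDONLY);
    saved_errno = errno;
    if (setreuid(ruid, euid) != 0)     /* must regain the original ids */
        abort();                       /* never continue half-switched */
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_read_as_invoker(argc > 1 ? argv[1] : "/");
    if (fd < 0) { perror("open_read_as_invoker"); return 1; }
    printf("opened with the permissions of uid %ld\n", (long)getuid());
    close(fd);
    return 0;
}
```

Run from a process that is not setuid, both functions behave the same; the difference only appears when real and effective uid differ.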